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REMARKS 

This amendment is submitted in response to the Office Action mailed on May 2, 2007. 
Reconsideration and allowance of this application, as amended, is respectfully requested in 
view of the remarks that follow. 

The three independent claims 1,17, and 22 are of similar scope - claim 1 is a method 
claim, while claims 17 and 22 are apparatus claims. Claim 22 differs from claim 17 in that it 
contains "means for" terminology. These three independent claims will be discussed together 
in the discussion which follows. Representative claim 1 will be the focus of the discussion. 

Claims 2 and 3 have been cancelled. The limitations expressed in claim 3 have been 
incorporated into the three independent claims 1, 17, and 22. The reason for this alteration to 
the claims is explained below. 

A. The Rejection 

All of the Claims stand rejected under 35 USC § 103(a) as obvious in view of the 
combination of U.S. Published Application No. US 2002/0257267 Al filed by John L. 
Williams, et al. on February 13, 2004 (claiming the priority of provisional application No. 
60/448,313, filed on Feb. 14, 2003) with U.S. Patent No. US 6,229,540 Bl which issued to 
Daniel L. Tunelli, et al. on May 8, 2001. Reconsideration of this rejection and allowance of 
the claims as amended is respectfully requested for the following reasons. 

The Examiner is reminded that many of the words and phrases which appear in the 
claims are defined in the specification, in a special "Definition of Terms" section that appears 
in paragraphs [0029] through [0047]. These definitions were previously presented to the 
Examiner and discussed in an amendment filed on February 12, 2007. 

In this application as originally filed, claim 1 was a generic claim. Two species of the 
invention were defined by claims 2 and 3. In claim 2, the result of the analysis of the security 
information collected from the nodes of an enterprise under audit is compared to "information 
derived from industry standards applicable to the relevant peer group of enterprises." 
Applicant has cancelled claim 2. 

-7- 



Atty. Dkt. No. 10013526-1 



In claim 3, the results of the analysis of the security information collected from the 
nodes of an industry under audit is compared to "information derived from information 
previously obtained through application of the collecting and analyzing steps to two or more 
enterprises in the relevant peer group." Applicant has cancelled claim 3 and has inserted the 
language set forth here in quotation marks into independent claim 1. Similar language has 
been inserted into independant claims 17 and 22. 

Accordingly, all of the claims presently before the Examiner are now directed to the 

the invention defined by claim 1 and former claim 3. To infringe these claims, security 
information must be collected from the nodes of an enterprise under audit; this information 
must then be analyzed, and a first result of this analysis must be presented; and then this first 
result must be compared to a second result "comprising security standards applicable to the 
enterprises under audit and one or more other enterprises that together form a relevant peer 
group, the second result comprising information derived from information previously 
obtained through application of the collecting and analyzing steps to two or more enterprises 
in the relevant peer group." 

Applicant submits that the Williams, et al. application teaches only comparing the 
security of the nodes in a single enterprise to relevant standards, not to information derived 
previously from two or more other enterprises that, taken together with the single enterprise 
under audit, form a relevant peer group of three or more enterprises. The discussion in the 
Williams, et al. application is thus limited to the auditing of only a single enterprise, as is 
illustrated in Figure 1 of the Williams, et al. application. In the present application and its 
claims, the term "enterprise" is defined as follows: 

a collection of computers, software, and networking that interconnects the computing 

environment of an organization of people (present application, paragraph 

[0030]) 

In Figure 1, the single enterprise shown includes computers located in Chicago, New York, 
and London all of which are interconnected by a single private WAN 20 (wide area network), 
with this private WAN interconnection being positioned behind the firewalls 24 that isolate 
the computers in this single enterprise from the public Internet 18. The fact that a single 
enterprise is shown in Figure 1 is further emphasized by the fact that a common security 
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system is shown used to manage security for all of the computers in all three cities. Hence, 
only a single enterprise is shown in Figure 1 . 

In the Examiner's discussion of claim 3, the Examiner suggests that "... Williams 
disclosed the method wherein ... the second result comprises information collecting and 
analyzing steps to two or more enterprises in the relevant peer group ... (paragraphs 0010, 
0007)." (Office Action mailed on May 2, 2007, pageS, paragraph 9) Respectfully, applicant 
disagrees. In paragraph 0007, Williams, et al. indicates that an enterprise which includes as 
few as a few thousand nodes is still so large that auditing consultants "typically can only 
review a small sampling of the network (only 5-10 persent)." There is no mention in 
paragrahp 0007 of auditing more than one enterprise. Likewise, paragraph 0010 describes a 
system "for auditing the security of a data communications network." Figure 1 of the 
Williams, et al. application, as just explained, shows only a single enterprise, not three or 
more enterprises. Also, there is no teaching in the Johnson, et al. application that the results 
of auditing one enterprise should be compared to the results of auditing several other similar 
enterprises. 

The Tonelli, et al. patent also does not teach that the results of auditing one enterprise 
should be compared to the results of auditing several other enterprises that form a logical peer 
group with the first enterprise. "Peer Group" is defined in the present application as follows: 

The relevant peer group of an enterprise that is being audited can be defined in 
several different ways: For example, it can be enterprises assigned to the same 
business category as the enterprise; enterprises involved in the same (or similar) 
industry or business as the enterprise (health, education, military, etc.); enterprises 
having computers configured similarly to the enterprise's computers (considering both 
systems and business configuration); or enterprises required to comply with the same 
security standards as the enterprise; or a combination of these, (present application, 
paragraph [0046]) 

The Tonelli, et al. patent does discuss comparing network configurations, but they are always 
configurations of the same network - comparison of a network's previous configuration with 
its present configuration (col. 4, lines 34-37), for example, or comparisons of a network's 
design configuration with its actual configuration (col. 4, lines 34-41, particularly lines 37- 
41). Such comparisons can reveal discrepancies, such as a network component previously 
configured properly or previously configured in accordance with a design plan that is now 
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configured differently, probably due to being improperly configured or defective (col. 4, lines 
41-42). Such comparisons of the configuration of an enterprise to a past configuration or to a 
"correct" configuration of that same enterprise is not what the present claims specifically call 
for. The claims, as amended, call instead for the result of analyzing a given single enterprise 
to be compared to the results of previously analyzing several other different enterprises that 
form a logical peer group with the given enterprise. This not taught in the Tonelli, et al. 
patent. 

Conclusion 

In view of the above, applicant respectfully that this application and its amended 
claims be allowed to mature into a patent. Early and favorable action is respectfully 
requested. 

The Examiner is invited to contact the undersigned by telephone if it is felt that a 
telephone interview would advance the prosecution of the present application. 

The Commissioner is hereby authorized to charge any additional fees which may be 
required regarding this application under 37 C.F.R. §§ 1.16-1.17, or credit any overpayment, 
to Deposit Account No. 08-2025. Should no proper payment be enclosed herewith, as by a 
check being in the wrong amount, unsigned, post-dated, otherwise improper or informal or 
even entirely missing, the Commissioner is authorized to charge the unpaid amount to 
Deposit Account No. 08-2025. If any extensions of time are needed for timely acceptance of 
papers submitted herewith. Applicants hereby petition for such extension under 37 C.F.R. 
§1.136 and authorizes payment of any such extensions fees to Deposit Account No. 08-2025. 
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Respectfully submitted, 



Date 



FOLEY & LARDNER LLP 
3000 K Street, NW 
Washington, DC 20007 
Telephone: 202-672-5399 
(Attorney William T. Ellis) 
Facsimile: 202-672-5399 




James i 

Attome^rfor Applicants 
Registration No. 25,061 

Telephone 847-446-7399 



-11- 



